<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>SAML prepare authentication API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-api-saml-prepare-authentication.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-saml-prepare-authentication.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-saml-prepare-authentication.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-api-saml-prepare-authentication.html" rel="nofollow" target="_blank">../en/security-api-saml-prepare-authentication.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="security-api.html">Security APIs</a></span>
»
<span class="breadcrumb-node">SAML prepare authentication API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-api-oidc-logout.html">« OpenID Connect logout API</a>
</span>
<span class="next">
<a href="security-api-saml-authenticate.html">SAML authenticate API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-api-saml-prepare-authentication"></a>SAML prepare authentication API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-prepare-authentication-api.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>Creates a SAML authentication request (<code class="literal">&lt;AuthnRequest&gt;</code>) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>This API is intended for use by custom web applications other than Kibana.
If you are using Kibana, see the <a class="xref" href="saml-guide.html" title="Configuring SAML single-sign-on on the Elastic Stack"><em>Configuring SAML single-sign-on on the Elastic Stack</em></a>.</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-prepare-authentication-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-prepare-authentication-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">POST /_security/saml/prepare</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-prepare-authentication-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-prepare-authentication-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>This API returns a URL pointing to the SAML Identity
Provider. You can use the URL to redirect the browser of the user in order to
continue the authentication process. The URL includes a single parameter named <code class="literal">SAMLRequest</code>,
which contains a SAML Authentication request that is deflated and
Base64 encoded. If the configuration dictates that SAML authentication requests
should be signed, the URL has two extra parameters named <code class="literal">SigAlg</code> and
<code class="literal">Signature</code>. These parameters contain the algorithm used for the signature and
the signature value itself.
It also returns a random string that uniquely identifies this SAML Authentication request. The
caller of this API needs to store this identifier as it needs to used in a following step of
the authentication process (see <a class="xref" href="security-api-saml-authenticate.html" title="SAML authenticate API">SAML authenticate API</a>).</p>
<p>Elasticsearch exposes all the necessary SAML related functionality via the SAML APIs.
These APIs are used internally by Kibana in order to provide SAML based
authentication, but can also be used by other custom web applications or other
clients. See also <a class="xref" href="security-api-saml-authenticate.html" title="SAML authenticate API">SAML authenticate API</a>,
<a class="xref" href="security-api-saml-invalidate.html" title="SAML invalidate API">SAML invalidate API</a>, and
<a class="xref" href="security-api-saml-logout.html" title="SAML logout API">SAML logout API</a>.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-prepare-authentication-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-prepare-authentication-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">acs</code>
</span>
</dt>
<dd>
(Optional, string) The Assertion Consumer Service URL that matches the one of the SAML
realms in Elasticsearch. The realm is used to generate the authentication request.
You must specify either this parameter or the <code class="literal">realm</code> parameter.
</dd>
<dt>
<span class="term">
<code class="literal">realm</code>
</span>
</dt>
<dd>
(Optional, string) The name of the SAML realm in Elasticsearch for which the configuration is
used to generate the authentication request. You must specify either this parameter or the <code class="literal">acs</code>
parameter.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-prepare-authentication-response-body"></a>Response body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-prepare-authentication-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">id</code>
</span>
</dt>
<dd>
(string) A unique identifier for the SAML Request to be stored by the caller
of the API.
</dd>
<dt>
<span class="term">
<code class="literal">realm</code>
</span>
</dt>
<dd>
(string) The name of the Elasticsearch realm that was used to construct the
authentication request.
</dd>
<dt>
<span class="term">
<code class="literal">redirect</code>
</span>
</dt>
<dd>
(string) The URL to redirect the user to.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-prepare-authentication-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-prepare-authentication-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The following example generates a SAML authentication request for the SAML realm with name <code class="literal">saml1</code></p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">POST /_security/saml/prepare
{
  "realm" : "saml1"
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2129.console"></div>
<p>The following example generates a SAML authentication request for the SAML realm with an Assertion
Consuming Service URL matching `https://kibana.org/api/security/v1/saml</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">POST /_security/saml/prepare
{
  "acs" : "https://kibana.org/api/security/v1/saml"
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2130.console"></div>
<p>This API returns the following response:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">{
  "redirect": "https://my-idp.org/login?SAMLRequest=fVJdc6IwFP0rmbwDgUKLGbFDtc462%2B06FX3Yl50rBJsKCZsbrPbXL6J22hdfk%2FNx7zl3eL%2BvK7ITBqVWCfVdRolQuS6k2iR0mU2dmN6Phgh1FTQ8be2rehH%2FWoGWdESF%2FPST0NYorgElcgW1QG5zvkh%2FPfHAZbwx2upcV5SkiMLYzmqsFba1MAthdjIXy5enhL5a23DPOyo6W7kGBa7cwhZ2gO7G8OiW%2BR400kORt0bag7fzezAlk24eqcD2OxxlsNN5O3MdsW9c6CZnbq7rntF4d3s0D7BaHTZhIWN52P%2BcjiuGRbDU6cdj%2BEjJbJLQv4N4ADdhxBiEZbQuWclY4Q8iABbCXczCdSiKMAC%2FgyO2YqbQgrIJDZg%2FcFjsMD%2Fzb3gUcBa5sR%2F9oWR%2BzuJBqlPG14Jbn0DIf2TZ3Jn%2FXmSUrC5ddQB6bob37uZrJdeF4dIDHV3iuhb70Ptq83kOz53ubDLXlcwPJK0q%2FT42AqxIaAkVCkqm2tRgr49yfJGFU%2FZQ3hy3QyuUpd7obPv97kb%2FAQ%3D%3D"}",
  "realm": "saml1",
  "id": "_989a34500a4f5bf0f00d195aa04a7804b4ed42a1"
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="security-api-oidc-logout.html">« OpenID Connect logout API</a>
</span>
<span class="next">
<a href="security-api-saml-authenticate.html">SAML authenticate API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>